- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Tue, 24 Apr 2018 15:20:29 +0000
- To: public-webauthn@w3.org
agl has just submitted a new pull request for https://github.com/w3c/webauthn: == Include an AuthenticatorTransport when creating a new credential. == FIDO U2F found it neccessary to wedge the authenticator transport in an X.509 extension of the attestation certificate in order to communicate this information to the RP. In Webauthn, we currently note that it's possible that an RP might learn this information from the attestation, but now have several kinds of attesattion and it seems dumb to define ways to wedge this information in each. Instead, have the client include the transport in the AuthenticatorAttestationResponse. Also, define another transport type for cases where a non-standard protocol is used to communicate with a platform authenticator. Since interface attributes cannot be optional, this technically defines a breaking change, although I don't believe that it will break anything in practice. Still, this could also be punted to an extension if we wished. However, given that U2F found it to be central, I've gone this route. See https://github.com/w3c/webauthn/pull/882
Received on Tuesday, 24 April 2018 15:20:51 UTC